DNS: Parse and extract DNS NULL records
At the moment the DNS parser gives you "NULL" as rrtype, but the related metadata of those NULL records/DNS packets is missing. In the attached eve.json you can find the current output.
I would expect something like this (equivalent to the content from packet 18 in Wireshark output):
Null (data): 42617365313238
This is related to Feature #2970
Updated by Sascha Steinbiss almost 3 years ago
Just FYI, I have also started working on this and have also added possibly interesting RR types such as SRV and NS.
NULL and NS are straightforward as they are simple buffers or domain names, but SRV needed another structured sub-object. Please see https://github.com/OISF/suricata/commit/e449676eee1f120f527222253e4efe939330b98e for a first shot. Happy to prepare a PR.
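The distinction drawn in the comment above (NULL as an opaque buffer, NS as a domain name, SRV as a structured sub-object), as an added Rust example that is not Suricata's code and not the linked commit. The names `RData`, `read_name`, `parse_rdata` and `null_hex` are hypothetical, and DNS name compression is deliberately rejected rather than resolved, since that needs the whole message.

```rust
// Added example, not Suricata code: decode RDATA for NULL, NS and SRV records.
#[derive(Debug, PartialEq)]
pub enum RData {
    Null(Vec<u8>), // type 10: opaque buffer
    Ns(String),    // type 2: a single domain name
    Srv { priority: u16, weight: u16, port: u16, target: String }, // type 33
}

/// Read an uncompressed domain name at `pos`; returns the name and the next offset.
fn read_name(buf: &[u8], mut pos: usize) -> Option<(String, usize)> {
    let mut labels: Vec<String> = Vec::new();
    loop {
        let len = *buf.get(pos)? as usize; // None on truncated input
        pos += 1;
        if len == 0 { break; }
        if len > 63 { return None; } // compression pointer or invalid label length
        let label = buf.get(pos..pos + len)?;
        labels.push(String::from_utf8_lossy(label).into_owned());
        pos += len;
    }
    Some((labels.join("."), pos))
}

pub fn parse_rdata(rrtype: u16, rdata: &[u8]) -> Option<RData> {
    match rrtype {
        10 => Some(RData::Null(rdata.to_vec())),
        2 => read_name(rdata, 0).map(|(name, _)| RData::Ns(name)),
        33 => {
            if rdata.len() < 7 { return None; } // three u16 fields plus a name
            let be = |i: usize| u16::from_be_bytes([rdata[i], rdata[i + 1]]);
            let (target, _) = read_name(rdata, 6)?;
            Some(RData::Srv { priority: be(0), weight: be(2), port: be(4), target })
        }
        _ => None, // other RR types are out of scope for this example
    }
}

/// Hex rendering of a NULL record buffer, the form requested in the issue.
pub fn null_hex(data: &[u8]) -> String {
    data.iter().map(|b| format!("{:02x}", b)).collect()
}

fn main() {
    // The seven bytes shown in the issue text.
    let null = parse_rdata(10, &[0x42, 0x61, 0x73, 0x65, 0x31, 0x32, 0x38]);
    if let Some(RData::Null(d)) = &null { println!("Null (data): {}", null_hex(d)); }
}
```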